Acronis Data Breach: Over 21GB of Data Leaked by Hacker Known as Kernelware

What Happened?

On March 9th, 2023, Swiss technology and cybersecurity company Acronis was hit by a data breach, resulting in the leak of over 21 GB of files and folders by a hacker known as Kernelware. The data was posted on Breach Forums and included various certificate files, command logs, system configurations, system information logs, archives of their filesystem, python scripts for their maria. db database, backup configuration stuff, and screenshots of their backup operations. The hacker claimed to have breached Acronis because “they were bored and wanted to humiliate the company.”

Breach Confirmation

Following the breach, Acronis’ CISO, Kevin Reed, confirmed the incident in a LinkedIn post, stating that “Based on our investigation so far, the credentials used by a single specific customer to upload diagnostic data to Acronis support have been compromised.” Liquid Web, a web hosting firm based in Lansing, Michigan, was also implicated in the breach. Several files and folders showed internal images and logs from Liquid Web, although the company stated that no Liquid Web customer credentials, files, or databases were breached.

The Acronis data breach serves as a reminder of the importance of cybersecurity measures for businesses and organizations. As technology continues to advance, the threat of cyberattacks has become more prevalent, and the consequences can be severe, including financial loss, reputational damage, and legal liabilities.

Here are some actions that customers of Acronis can take to protect themselves:

1. Check for updates: Acronis has stated that the credentials used by a single specific customer to upload diagnostic data to Acronis support have been compromised. Customers should check for any updates from Acronis regarding the breach and take necessary steps to secure their accounts.
2. Change passwords: Customers should change their passwords for their Acronis accounts, especially if they have not done so recently. It is also recommended that they use strong and unique passwords and enable two-factor authentication.
3. Review security settings: Customers should review their security settings in their Acronis accounts and make sure that they have enabled all available security features. This includes using strong passwords, two-factor authentication, and any other security features that Acronis offers.
4. Monitor accounts: Customers should monitor their Acronis accounts for any suspicious activity, such as unauthorized logins or changes to their backup operations. If they notice any suspicious activity, they should contact Acronis immediately and take steps to secure their account.
5. Backup data: Customers should make sure that they have backed up their data to a secure location. This will ensure that they have a copy of their data in case their account is compromised or if they lose access to their data for any other reason.

In conclusion,

the Acronis data breach highlights the importance of taking cybersecurity measures seriously. Businesses and organizations must take proactive steps to protect their data and systems by implementing robust cybersecurity measures, such as regular security assessments, employee training, network monitoring, and incident response planning. It is also crucial to stay up to date with the latest cybersecurity trends and best practices to address evolving threats. As for Acronis customers, they should take necessary precautions to secure their accounts and monitor their accounts for any suspicious activity.